CBS-1 Core Deposit & Account Services
Introduction
Under the operational resilience framework, China Construction Bank (Malaysia) Berhad (CCB Malaysia) must identify Severe but Plausible Scenarios (SbPS) that could disrupt its Critical Business Services (CBS).
As highlighted in the referenced guidance, SbP scenarios are events that are extreme in impact yet realistic in likelihood, based on the institution’s risk profile, operating environment, and threat landscape.
For CBS-1: Core Deposit & Account Services, disruption could severely affect customers’ access to funds, payment obligations, regulatory compliance, and financial stability.
Therefore, scenario design must integrate cyber risks, ICT failures, third-party dependencies, operational errors, and external threats, ensuring alignment with the bank’s overall technology and cyber risk management framework.
The table below outlines the recommended SbP scenarios for each Sub-CBS, including impact assessments, proactive mitigation measures, and explicit linkages to Cyber and ICT risk integration.
Table P5: Detailed Processes for CBS-1

| Sub-CBS Code | Sub-CBS | Severe but Plausible Scenario | Impact / Effect | Proactive Risk Management Action | Link to Integration of Cyber and ICT Risks |
|---|---|---|---|---|---|
| 1.1 | Account Opening & Onboarding | Prolonged outage of the digital onboarding platform due to a ransomware attack on customer onboarding servers | Inability to open new accounts; onboarding backlog; KYC delays; reputational damage | Implement endpoint detection & response (EDR); segregate onboarding servers; maintain offline KYC processing capability; conduct cyber recovery drills | Integration with Cyber Security Framework (NIST/ISO 27001), secure SDLC, identity & access management (IAM), ransomware resilience testing |
| 1.2 | Deposit Maintenance & Account Administration | Core banking system configuration corruption following failed system patch update | Inaccurate customer data; inability to update account details; regulatory reporting inaccuracies | Change management controls; pre-production testing; system rollback capability; automated data reconciliation | ICT change management governance; patch management controls; configuration monitoring tools |
| 1.3 | Deposit Transactions Processing | Data centre outage due to a power failure, combined with DR replication lag | Customers unable to access funds; ATM/online transaction failures; liquidity stress | Active-active data replication; periodic DR failover testing; UPS & generator redundancy; real-time monitoring | Data centre resilience strategy; Recovery Time Objective (RTO)/Recovery Point Objective (RPO) alignment; infrastructure redundancy |
| 1.4 | Interest & Charges Calculation & Posting | Batch processing engine failure at month-end caused by database overload or cyber intrusion | Incorrect interest postings; financial misstatements; customer disputes | Capacity stress testing; automated reconciliation controls; database activity monitoring; segregation of duties | Database security controls, ICT capacity planning, privileged access management |
| 1.5 | Account Inquiry & Statement Services | A Distributed Denial of Service (DDoS) attack on an internet banking platform | Customers unable to view balances; surge in call centre traffic; reputational impact | DDoS mitigation services; traffic filtering; multi-channel access (branch, RM support); communication protocol | Network security architecture; SOC monitoring; cyber threat intelligence integration |
| 1.6 | Transfer & Payment Execution | Malware infection affecting the payment gateway interface with RENTAS/FPX/SWIFT | Payment delays or failures; settlement breach; regulatory penalties; systemic risk implications | Network segmentation; real-time transaction monitoring; payment contingency procedures; secure SWIFT controls (CSP compliance) | SWIFT Customer Security Programme (CSP); payment system cybersecurity controls; transaction anomaly detection systems |
| 1.7 | Foreign Currency Deposit Services | Disruption of the external FX rate feed provider due to a third-party cyber incident | Incorrect FX conversion rates; financial losses; customer disputes | Third-party risk assessments; secondary FX data provider; automated rate validation controls | Third-party ICT risk management; API security controls; vendor resilience testing |
| 1.8 | Account Closure & Dormancy Management | Failure of the AML monitoring system due to a software defect or a cyber compromise | Inadequate dormancy controls; AML/CFT compliance breach; regulatory sanctions | Periodic AML system validation; manual oversight review; backup compliance monitoring process | AML system cybersecurity controls; data integrity checks; compliance system redundancy |

Key Risk Themes Identified
Across CBS-1, the most material Severe but Plausible Scenarios involve:
- Cyber threats (ransomware, DDoS, malware, data corruption)
- ICT infrastructure failures (data centre outages, system overloads)
- Third-party service disruptions (FX data providers, payment gateways)
- Change management weaknesses
- Data integrity and reconciliation risks
Integration with Cyber and ICT risk frameworks ensures that resilience measures are not siloed but embedded within enterprise-wide security governance, including Security Operations Centre (SOC) monitoring, threat intelligence, privileged access management, and disaster recovery strategies.
Identifying Severe but Plausible Scenarios for CBS-1: Core Deposit & Account Services enables China Construction Bank (Malaysia) to rigorously test its resilience posture against high-impact, realistic disruption events.
These scenarios ensure that the bank moves beyond theoretical risk assessment to practical stress-testing of operational capabilities.
By integrating cyber security, ICT resilience, third-party risk management, and governance controls into scenario planning, CCB Malaysia strengthens its ability to anticipate, withstand, and recover from operational shocks.
This structured identification of SbP scenarios supports regulatory compliance, safeguards customer interests, and reinforces confidence in the bank’s core deposit and payment services, ensuring sustainable operational resilience in an increasingly digital and interconnected banking environment.









